Sunday, January 28, 2018

How to secure Nginx with Let’s Encrypt on CentOS 7

How do I secure my Nginx web server with a free Let’s Encrypt SSL certificate on my CentOS 7 or RHEL 7 server? How do I configure Nginx with Let’s Encrypt on CentOS 7?

Let’s Encrypt is a free, automated, and open certificate authority for your website or any other project. This page shows how to use Let’s Encrypt to install a free SSL certificate for the Nginx web server. You will also learn how to properly deploy Diffie-Hellman on your server to get an SSL Labs A+ score on CentOS/RHEL 7.

Step 1 – Install the required software

Step 2 – Install acme.sh Let’s Encrypt client

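Clone the repo:

    $ cd /tmp/
    $ git clone https://github.com/Neilpang/acme.sh.git

Install the acme.sh client on your system. Note that sudo -i opens a root login shell in root's home directory, so change back into the clone before running the installer:

    $ cd acme.sh/
    $ sudo -i
    # cd /tmp/acme.sh/
    # ./acme.sh --install

After the install, you must close the current terminal and reopen it for the alias to take effect. Or simply type the following source command in the root shell (source is a shell builtin, so it cannot be run through sudo):

    # source ~/.bashrc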

Step 5 – Obtain a certificate for domain

Step 6 – Configure Nginx

You just successfully requested an SSL certificate from Let’s Encrypt for your CentOS 7 or RHEL 7 server. It is time to configure it. Edit default.ssl.conf:

    $ sudo vi /etc/nginx/conf.d/default.ssl.conf

Append the following config:

Step 8 – Test it

Fire up a web browser and type your domain, such as:

    https://server2.cyberciti.biz

Test it with the SSL Labs test site:

    https://www.ssllabs.com/ssltest/analyze.html?d=server2.cyberciti.biz
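
The browser and SSL Labs checks can be complemented by a local check of how long the certificate remains valid, so that a failed renewal is noticed early. The shell functions below are an added example, not part of the original page; the 21-day threshold, the function names and the certcheck.sh file name are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): classify a certificate by
# remaining lifetime so a failed renewal is noticed before it expires.

# Assumption: warn when fewer than this many days remain (illustrative value).
WARN_DAYS="${WARN_DAYS:-21}"

# cert_status PEM_FILE [DAYS] -> prints ok | renew | expired | unreadable
cert_status() {
    cs_pem="$1"
    cs_days="${2:-$WARN_DAYS}"
    # Anything openssl cannot parse as an X.509 certificate is "unreadable".
    openssl x509 -noout -in "$cs_pem" >/dev/null 2>&1 || { echo unreadable; return 0; }
    # -checkend N exits non-zero when the certificate expires within N seconds.
    if ! openssl x509 -noout -checkend 0 -in "$cs_pem" >/dev/null 2>&1; then
        echo expired
    elif ! openssl x509 -noout -checkend "$((cs_days * 86400))" -in "$cs_pem" >/dev/null 2>&1; then
        echo renew
    else
        echo ok
    fi
}

# server_cert HOST [PORT] -> writes the served leaf certificate (PEM) to stdout.
# Needs network access; -servername sends SNI so the right virtual host answers.
server_cert() {
    openssl s_client -connect "$1:${2:-443}" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -outform PEM
}

# make_sample_cert DAYS OUT_PEM
# Constructed input for offline testing: a throwaway self-signed certificate.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days "$1" -subj "/CN=sample.invalid" \
        -keyout "$2.key" -out "$2" >/dev/null 2>&1 || return 1
    rm -f "$2.key"
}

# Script use (hypothetical file name): ./certcheck.sh /path/to/cert.pem [days]
if [ "$#" -ge 1 ]; then
    cert_status "$@"
fi
```

To check the live site, save the output of `server_cert server2.cyberciti.biz` to a file and pass that file to `cert_status`.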

Step 9 – acme.sh commands

List all certificates:

    # acme.sh --list

Renew a cert for the domain named server2.cyberciti.biz:

    # acme.sh --renew -d server2.cyberciti.biz

Please note that a cron job will also try to renew the certificate for you. It is installed by default (no action required on your part). To see the job, run:

    # crontab -l

Sample outputs: